4 matches found
[H1] Custom upgrade functionality is dangerous
Lines of code Vulnerability details Impact ā Unsafe upgrade can break protocol Analysis of the vulnerability You are using a custom upgrade for the tokenomics contract not following UUPS standard function changeTokenomicsImplementationaddress implementation external // Check for the contract...
Proxy storage collision - contracts might be bricked
Lines of code Vulnerability details The proxy contracts save the implementation variables in the first storage slot see links above. This will lead to storage collusions when the implementation contract tries to read/update the first storage slot. For the implementation contract, the first storag...
Initialization function can be front-run
Lines of code Vulnerability details Impact The call to the initialize function can be front-run, and a malicious provider can be passed in and set to addressesProvider on any contract that inherits GeneralVault. This is significant because the onlyAdmin modifier checks if the msg.sender is...
STORAGE COLLISION BETWEEN PROXY AND IMPLEMENTATION (LACK EIP 1967)
Lines of code Vulnerability details Impact Storage collision because of lack of EIP1967 could cause conflicts and override sensible variables Proof of Concept contract CoreProxy is Ownable address private immutable implement; When you implement proxies, logic and implementation share the same...